There are ways to try to keep spoofed emails from reaching your inbox, but none of them will be 100% effective. The most effective methods can also block emails that should be getting through, so they should be deployed when spoofed emails are a serious concern.
The broadest method is to block an entire domain from sending email to your server. This can be effective if you notice that a lot of these emails are coming from the same place. Usually when this is the case, however, that place is something like “gmail.com” or another domain that is widely used because it’s free. It’s also possible to block an individual address, but this can be circumvented easily by using a different email address.
If you have access to your domain’s DNS records, you can add records that prevent emails from a spoofed domain being sent to you. The limitation is that the criminal can still spoof only the user name and get through. So an email address like “tim.jones@gmail.com” will always get through, even if the message originally came from a different address that is also at gmail.com.
All these methods can be deployed, but when it comes down to it, you are the last line of defense. There are ways to set up Gmail and Outlook to display a warning when an email from outside the domain is opened. But the user will still need to know what to be careful about.
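
The domain-level check, its user-name limitation, and the external-sender warning described above, as an added example that is not part of the original article. It assumes the receiving server has already worked out which domain passed its DNS-based sender check; `OWN_DOMAIN`, `triage` and the sample messages are hypothetical.

```python
from email.utils import parseaddr

OWN_DOMAIN = "example.org"  # assumption: the organisation's own mail domain

def domain_of(header_value):
    """Return the lower-cased domain of a From header, or "" if unusable."""
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()

def triage(from_header, authenticated_domain):
    """Decide what to do with a message.

    authenticated_domain is assumed to be the domain the receiving server
    verified against the sender's DNS records; how it did so is out of scope.
    """
    from_domain = domain_of(from_header)
    if not from_domain:
        return "reject: no usable From address"
    # Domain-level check: it compares domains only, never the user name.
    if from_domain != authenticated_domain.lower():
        return "reject: From domain was not authenticated"
    # Warning for mail from outside the organisation.
    if from_domain != OWN_DOMAIN:
        return "deliver with external-sender warning"
    return "deliver"

# Constructed sample messages: (From header, domain that passed the DNS check)
SAMPLES = [
    ("IT Support <support@example.org>", "mailer.invalid"),  # spoofed domain
    ("Tim Jones <tim.jones@gmail.com>", "gmail.com"),        # any gmail.com user
    ("Alice <alice@example.org>", "example.org"),            # genuine internal mail
    ("", "gmail.com"),                                       # missing From
]

def run_samples():
    return [triage(frm, dom) for frm, dom in SAMPLES]

if __name__ == "__main__":
    for (frm, _), verdict in zip(SAMPLES, run_samples()):
        print(f"{frm!r:45} -> {verdict}")
```

The second sample is delivered because the check sees only a valid gmail.com domain, so the warning is the only signal left for the reader.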